Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
David Culbertson, president and CEO of CSI.
The financial impact of fraud can devastate businesses of any size. The Association of Certified Fraud Examiners estimated in a 2024 report on global occupational fraud that “organizations lose 5% of revenue to fraud each year.” The average loss per case totaled $1.7 million, with a median loss of $145,000. Meanwhile, a 2023 survey from Mitek Systems found that check fraud impacted almost one-third of small businesses within a 12-month period.
Unlike consumers—who have a greater level of protection from fraud losses—businesses face significant financial and reputational risks should they fall victim. This vulnerability reinforces why organizations must evolve beyond fraud awareness and, in partnership with their financial institutions, adopt prevention strategies, practices and technologies that can keep pace with the constantly adapting threat.
Defrauding Businesses
Fighting fraud resembles a never-ending war in which the enemy constantly adapts and tests new ways to attack. Common techniques used to defraud businesses include:
• Business email compromise, whether through impersonation or account takeover.
• Social engineering, such as impersonating a CEO or manager in a text message to authorize a wire transfer.
• Check fraud, including check kiting, check washing and counterfeit checks.
• Invoice fraud, in which fraudsters impersonate legitimate vendors or manipulate existing invoices.
• Payroll and expense report fraud, committed by internal bad actors.
Fraudsters grow increasingly sophisticated, deploying advanced social engineering schemes and AI technologies to scale—and become more efficient in—their efforts to defraud both non-bank businesses and their financial institutions. The growth of digital channels, meanwhile, creates more attack vectors through which fraudsters can access and exploit sensitive information like account numbers, card information and passwords.
Even if banks aren’t held liable for fraud committed against a business customer, they may choose to cover the losses to protect their commercial relationships or their own reputation in the communities they serve. The most recent Banking Priorities Executive Report from CSI underscores bankers’ concerns for their retail and commercial customers. More than four in 10 community banks identified card fraud (44%) and check fraud (44%) as their top challenges, followed by fraudulent account opening (40%), wire transfer fraud (39%), account takeovers (33%), P2P fraud (33%), phishing (31%) and insider threats, which were slightly less reported at 26%.
Joining Your Bank In The Fight
Fortunately, banks are equipped to combat these threats with advanced technologies and practices from which non-bank businesses can learn. The technological arsenal deployed by banks has evolved significantly, moving from traditional rules-based fraud engines to sophisticated risk-based systems.
These advanced platforms integrate multiple capabilities to create a comprehensive fraud detection and prevention framework. Real-time transaction monitoring allows banks to identify and flag suspicious money movements as they occur, while behavior pattern identification helps distinguish normal customer activity from potentially fraudulent transactions. False positive analysis and reduction capabilities help ensure that legitimate transactions aren’t unnecessarily flagged, improving both security and customer experience. Customer risk ratings provide an additional layer of scrutiny by tailoring monitoring intensity to each customer’s risk profile. These systems are complemented by robust security measures such as multifactor authentication and encryption protocols.
Training employees to recognize fraud attempts like social engineering and phishing scams, although critical, will only get businesses so far. To succeed in the war against fraud, businesses—from mom-and-pop shops to the largest tech companies—must become allies in the fight alongside their financial institutions.
Here’s how businesses can graduate from education and awareness to meaningful action that protects their money—and empowers their banks.
Ask how you can better leverage your bank’s fraud detection and prevention resources.
Establish a point of contact with your bank through which you can quickly report suspicious activity and discuss your business’s risks, vulnerabilities and points of failure. Share relevant information about your business, including your operational model, customer demographics and any recent fraud incidents. More banks are moving from rules-based engines to risk-based ones and may have advanced detection tools like transaction monitoring, real-time alerts and sophisticated pattern matching. Work directly with your bank to provide the context they need to apply them more effectively.
Implement the proper internal controls.
Collaborate with your finance and accounting team to better understand your data and transactions so your business is more equipped to spot losses or anomalous activity. Implement regular reviews of transactions using a risk-based approach to identify potential fraud early. Conduct an assessment of employee authorizations. Only a select few should have access to sensitive information like financial statements, Social Security numbers, login credentials and customer payment and account details. Enforce complex passwords and multifactor authentication in all digital channels.
Enroll in Positive Pay.
Despite (or maybe because of) the growth of digital banking, check and ACH fraud continue to be concerns for banks. Positive Pay is a service that compares issued checks to ones submitted to a bank, cross-referencing information like the date, dollar amount and check number. Banks work together, sharing information about fraudulent checks through industry-wide databases and flagging potentially false checks for review to prevent unauthorized payment.
Conclusion
Fraud prevention is ultimately a shared responsibility. By actively collaborating with their financial institutions, leveraging advanced technologies and implementing robust internal controls, businesses can strengthen their defenses against fraud—and ensure a more secure future.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
